Hi
Sorry, that took a while, but here are the logs - ComboFix, Kaspersky, HijackThis - as requested...
ComboFix 09-09-11.03 - steven and matt 13/09/2009 13:14.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1022.367 [GMT 1:00]
Running from: c:\users\steven and matt\Desktop\ComboFix.exe
Command switches used :: c:\users\steven and matt\Desktop\cfscript.txt
SP: AntiMalware *enabled* (Updated) {A22E352E-8ADD-4EE0-87EA-81874CE74BEE}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FrostWire
c:\program files\FrostWire\01-mariah_carey-migrate_(featuring_t-pain).mp3
c:\program files\FrostWire\Akon - Convicted - 10 - Keep On Calling (Ft. P. Money).mp3
c:\program files\FrostWire\Boys 2 Men - Boyz II Men - I ll Make Love to You.mp3
c:\program files\FrostWire\Boys 2 Men - Its So Hard To Say Goodbye To Yesterday - Boyz II Men - Unknown.mp3
c:\program files\FrostWire\Boyz II Men - Boys 2 Men- End of the Road.mp3
c:\program files\FrostWire\Brit & Alex - Let It Go.mp3
c:\program files\FrostWire\Dj Ironik - One Night.mp3
c:\program files\FrostWire\DJ Ironik - So Amazing.mp3
c:\program files\FrostWire\DJ Ironik - Trust.mp3
c:\program files\FrostWire\DJ Ironik - Wifey Riddem.mp3
c:\program files\FrostWire\Dj ironik ft Wiley - please dont goo.mp3
c:\program files\FrostWire\DJ Ironik Ft. Voltage - Everytime We Touch.mp3
c:\program files\FrostWire\Ghostt - No1 Fan.mp3
c:\program files\FrostWire\Lethal Bizzle - Fire.mp3
c:\program files\FrostWire\Lethal Bizzle - Haters.mp3
c:\program files\FrostWire\Lethal Bizzle ft Kate Nash - Look What You've Done .mp3
c:\program files\FrostWire\Lil Mama ft. TPain & Chris Brown - Shawty Get Loose.mp3
c:\program files\FrostWire\log.txt
c:\program files\FrostWire\Madonna Ft Justin Timberlake - 4 Minutes (Prod. Timbaland-2008)(1).mp3
c:\program files\FrostWire\Mariah Carey - Butterfly.mp3
c:\program files\FrostWire\Mariah Carey - E=MC2 - bye bye.mp3
c:\program files\FrostWire\Mariah Carey - I don't wanna cry.MP3
c:\program files\FrostWire\nokia charger wire skepta.mp3
c:\program files\FrostWire\Pink - Family Portrait.mp3
c:\program files\FrostWire\Pokemon Soundtrack.mp3
c:\program files\FrostWire\Rihanna - Take a bow.mp3
c:\program files\FrostWire\seenMessages.dat
c:\program files\FrostWire\Skepta- Slewin' everyone.MP3
c:\program files\FrostWire\Skepta - Nokia Charger Wire.mp3
c:\program files\FrostWire\Skepta - Oh My Diddy.mp3
c:\program files\FrostWire\Skepta_-_Nokia_Charger_Wire.mp3
c:\program files\FrostWire\Wiley - Wearing My Rolex .mp3
c:\program files\FrostWire\Will.I.Am (Feat. Cheryl Cole) - Heartbreaker.mp3
c:\users\steven and matt\AppData\Roaming\AntiMalware
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-10 12-05-540.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-10 14-18-400.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-10 20-30-320.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-11 09-27-060.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-11 15-11-510.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-12 08-54-390.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-12 13-34-170.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-12 18-45-440.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-12 19-39-560.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-13 10-18-100.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-13 15-27-280.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-13 17-05-500.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-13 22-19-400.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-14 09-21-360.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-14 16-04-560.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-14 23-34-390.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-15 10-33-330.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-15 18-29-200.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-16 08-33-220.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-16 13-39-380.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-16 17-12-400.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-16 20-37-420.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-16 23-46-230.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-17 13-28-060.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-17 18-21-190.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-17 22-09-160.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-18 08-50-460.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-18 17-40-050.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-18 22-44-220.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-19 10-05-170.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-19 17-49-110.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-19 21-03-340.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-20 10-50-530.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-20 14-03-390.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-20 20-01-470.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-21 10-47-040.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-21 14-24-120.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-21 20-05-070.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-22 10-46-080.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-22 11-50-000.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-22 14-08-430.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-22 18-50-320.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-22 22-04-410.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-23 10-11-240.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-23 16-52-480.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-27 10-36-020.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-27 12-47-160.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-27 18-01-270.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-28 10-24-250.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-28 15-42-330.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-28 18-01-540.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-28 20-43-260.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-29 11-28-040.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-29 12-06-210.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-29 13-34-180.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-29 20-45-220.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-29 23-09-490.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-30 10-17-010.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-31 10-30-010.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-31 14-27-190.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-31 17-48-580.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-07-31 19-53-550.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-01 09-13-030.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-01 11-43-200.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-01 14-11-400.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-01 14-32-210.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-01 17-58-070.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-01 22-46-590.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-01 23-14-480.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-17 10-14-590.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-17 13-59-260.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-18 10-11-460.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-18 13-05-510.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-18 20-40-000.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-18 20-49-180.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-19 08-55-160.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-19 14-03-270.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-19 20-42-530.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-20 10-04-570.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-20 21-37-440.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-21 00-22-530.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-21 10-52-150.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-21 12-30-050.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-21 19-00-490.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-21 20-53-110.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-22 13-15-540.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-22 15-05-090.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-22 17-35-150.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-22 17-40-520.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-22 21-03-060.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-23 00-33-040.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-23 00-37-390.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-23 00-39-470.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-23 00-43-550.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-23 10-15-540.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-23 13-13-500.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-23 14-29-000.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-23 14-36-310.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-23 17-09-430.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-23 17-19-250.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-24 08-41-190.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-24 14-58-300.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-24 15-40-220.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-29 13-30-210.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-29 14-38-420.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-31 10-34-040.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-31 10-46-010.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-31 11-47-270.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-08-31 11-58-260.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-09-03 10-24-530.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-09-03 10-32-200.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-09-03 11-12-230.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-09-04 17-44-470.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-09-04 18-24-190.log
c:\users\steven and matt\AppData\Roaming\AntiMalware\Logs\2009-09-07 14-56-370.log
.
((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.
2009-09-13 12:25 . 2009-09-13 12:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-13 12:25 . 2009-09-13 12:25 -------- d-----w- c:\users\Phil\AppData\Local\temp
2009-09-13 12:25 . 2009-09-13 12:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-12 16:20 . 2009-09-13 12:25 -------- d-----w- c:\users\steven and matt\AppData\Local\temp
2009-09-11 13:00 . 2009-09-12 16:09 -------- d-----w- C:\Kontiki
2009-09-11 10:53 . 2009-09-11 10:53 -------- d-----w- c:\windows\Sun
2009-09-11 09:41 . 2009-09-11 09:41 -------- d-----w- c:\program files\iPod
2009-09-11 09:41 . 2009-09-11 09:42 -------- d-----w- c:\program files\iTunes
2009-09-11 08:30 . 2009-09-11 08:30 -------- d-----w- c:\users\steven and matt\AppData\Roaming\AVG8
2009-09-10 21:24 . 2009-09-10 21:24 -------- d-----w- c:\programdata\ATI
2009-09-10 21:21 . 2009-09-10 21:21 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-09-10 21:21 . 2009-04-03 14:21 95232 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2009-09-10 21:18 . 2009-04-29 02:08 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-10 20:48 . 2009-09-10 20:48 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-10 20:41 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-10 20:41 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-10 20:40 . 2009-09-10 20:41 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 20:37 . 2009-09-10 20:38 -------- d-----w- c:\program files\QuickTime
2009-09-10 16:39 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-10 16:38 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 16:38 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 16:38 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-10 16:38 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 16:38 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 16:38 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 16:38 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 16:38 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 16:38 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 16:38 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 16:38 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-10 16:37 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-10 16:37 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-10 16:37 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-10 16:37 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-10 16:37 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-10 16:16 . 2009-09-10 16:24 185049 ----a-w- C:\MGlogs.zip
2009-09-10 16:16 . 2009-09-10 16:24 -------- d-----w- C:\MGtools
2009-09-10 16:16 . 2009-09-10 13:13 1344398 ----a-w- C:\MGtools.exe
2009-09-10 15:54 . 2009-09-10 15:54 0 ----a-w- C:\settings.dat
2009-09-10 12:17 . 2009-09-10 12:17 -------- d-----w- c:\program files\CCleaner
2009-09-07 21:18 . 2009-09-07 21:18 -------- d-----w- c:\program files\Trend Micro
2009-09-07 18:14 . 2009-09-07 21:09 -------- d-----w- c:\users\steven and matt\AppData\Local\temp(26)
2009-09-07 18:14 . 2009-09-07 18:14 -------- d-----w- c:\users\Phil\AppData\Local\Temp(11)
2009-09-07 17:22 . 2009-09-07 17:22 -------- d-----w- c:\users\Phil\AppData\Local\Apple Computer
2009-09-07 17:22 . 2009-09-07 17:22 -------- d-----w- c:\users\Phil\AppData\Roaming\Roxio
2009-09-07 16:09 . 2009-09-07 16:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-09-07 16:09 . 2009-09-10 13:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-07 16:09 . 2009-09-07 16:09 -------- d-----w- c:\users\steven and matt\AppData\Roaming\SUPERAntiSpyware.com
2009-09-07 16:08 . 2009-09-10 13:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-07 14:26 . 2009-09-07 14:26 -------- d-----w- c:\users\steven and matt\AppData\Roaming\Malwarebytes
2009-09-07 14:26 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 14:26 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 14:26 . 2009-09-10 15:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 14:26 . 2009-09-07 14:26 -------- d-----w- c:\programdata\Malwarebytes
2009-09-03 10:42 . 2009-09-03 10:42 -------- d-----w- c:\program files\ATI
2009-09-03 10:40 . 2009-09-03 10:40 -------- d-----w- C:\ATI
2009-09-03 10:04 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-03 09:56 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 09:56 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 09:24 . 2009-09-04 16:44 680 ----a-w- c:\users\steven and matt\AppData\Local\d3d9caps.dat
2009-08-31 10:52 . 2009-08-31 10:52 -------- d-----w- c:\program files\NortonInstaller
2009-08-20 20:44 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-20 20:44 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-20 20:44 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-20 20:44 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-20 20:44 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-20 20:44 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-20 20:44 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-20 20:44 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-17 09:29 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-17 09:29 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-17 09:29 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-17 09:29 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-17 09:29 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-17 09:29 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-17 09:29 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-17 09:28 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 12:25 . 2008-03-21 16:54 -------- d-----w- c:\programdata\Kontiki
2009-09-11 09:41 . 2007-07-02 21:13 -------- d-----w- c:\program files\Common Files\Apple
2009-09-11 09:12 . 2007-07-02 21:13 -------- d-----w- c:\programdata\Apple Computer
2009-09-10 21:24 . 2007-03-14 08:07 -------- d-----w- c:\program files\ATI Technologies
2009-09-10 21:00 . 2007-07-02 21:16 -------- d-----w- c:\users\steven and matt\AppData\Roaming\Apple Computer
2009-09-10 20:46 . 2008-03-21 09:36 -------- d-----w- c:\program files\Safari
2009-09-10 16:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 16:31 . 2007-12-22 09:11 -------- d-----w- c:\users\steven and matt\AppData\Roaming\Packard Bell
2009-09-10 12:04 . 2009-05-04 07:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-10 12:04 . 2007-12-01 11:08 -------- d-----w- c:\program files\Java
2009-09-07 21:11 . 2008-07-05 10:37 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-07 17:22 . 2007-07-02 19:33 83384 ----a-w- c:\users\Phil\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-07 16:01 . 2007-03-14 08:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-07 16:00 . 2007-03-14 08:13 -------- d-----w- c:\programdata\Symantec
2009-09-07 15:42 . 2007-07-02 19:52 -------- d-----w- c:\program files\MSN Messenger
2009-08-20 09:40 . 2007-07-02 19:44 37272 ----a-w- c:\users\steven and matt\AppData\Roaming\wklnhst.dat
2009-08-13 10:14 . 2009-08-13 10:14 472064 ----a-w- C:\RootRepeal.exe
2009-07-21 21:52 . 2009-07-29 09:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 09:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 09:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 09:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 14:00 . 2009-07-15 14:00 -------- d-----w- c:\programdata\NortonInstaller
2009-06-15 14:53 . 2009-07-15 09:42 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 09:42 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 09:42 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 09:42 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 09:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2007-03-14 15:54 . 2007-03-14 15:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-09-12_16.03.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-14 08:06 . 2009-09-13 12:13 68334 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-13 12:13 77456 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-07-02 20:08 . 2009-09-13 12:13 21134 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4215399350-4177395727-2489711560-1003_UserData.bin
+ 2007-07-02 19:24 . 2009-09-13 12:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-07-02 19:24 . 2009-09-12 11:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-07-02 19:24 . 2009-09-12 11:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-07-02 19:24 . 2009-09-13 12:10 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-07-04 15:52 . 2009-09-12 16:09 4626 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-09-12 11:30 . 2009-09-12 11:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-13 12:10 . 2009-09-13 12:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-12 11:30 . 2009-09-12 11:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-13 12:10 . 2009-09-13 12:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-04 08:24 . 2009-09-13 12:10 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-04 08:24 . 2009-09-12 11:30 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2007-07-02 19:24 . 2009-09-13 12:10 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-02 19:24 . 2009-09-12 11:30 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"HostManager"="c:\program files\Common Files\AOL\1173859703\ee\AOLSoftware.exe" [2006-11-14 50736]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-10 29744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 18944]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-10 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):56,87,81,f3,15,e5,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5B25D64F-86BA-468A-B4C7-12703E460870}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{4C7EA2EC-7BB4-48BB-AA21-A905C1F8BF5D}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{1BD9E661-E34D-4E56-B1E1-8D0224ADD313}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{4EFA2407-3542-4AAF-9D5E-3F03DC4E7136}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{3593322F-B3A8-4DE2-9442-65C8171F082D}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{1F26554A-C240-4C3C-A364-EE0408AE3F08}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL
"{6EFF20A2-845D-4B7B-9898-77D8CAE976E5}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{BB18C836-D797-4544-8397-4C30339028AF}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{B644713B-A6BC-4EF3-949C-0ADF69A4E6C5}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{6535B5B5-D364-45D2-845A-634E36690C80}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{7449E4DC-6F99-46F7-8D21-CCD586FA1C6D}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{7355D5F9-BE17-4508-9F39-8A61EB72DC04}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{ADFC196C-C492-485C-AADC-F0E23EC6C447}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{86106E12-B160-4F77-9E19-BFA0EBC87328}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{08F9B80F-B35A-442E-BB9A-3DCEBD8DAE72}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{C3C20D16-9010-437F-B842-42A91F1ADA90}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C329615A-E9A3-40AE-B938-3678B8F067BB}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{51F892CC-CC4C-4F58-8269-FECCAEA1DD4E}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{EE376C0C-9108-4211-9D49-3821A527110D}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{3FDF57ED-3131-45B8-AE1F-BF1BD2F9647F}"= UDP:c:\program files\Common Files\aol\1173859703\ee\aolsoftware.exe:AOL Services
"{14A7C763-BCF3-4BEC-A9CF-AF27FD3F8D46}"= TCP:c:\program files\Common Files\aol\1173859703\ee\aolsoftware.exe:AOL Services
"{21FF370D-CBC3-4E33-9126-89EEF99DED86}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DA5A857B-F3BE-41E7-943B-E559C351E3BB}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{946C4049-953E-4763-91B9-D7D5A4B602BC}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{4932FBD8-F615-4908-8D45-EC7058892CCD}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0F95F9EF-C636-4D2C-99A0-3CB2EF6416ED}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9DDA1371-C049-4504-83D2-C240C505B9AC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1520C8D1-4A46-480B-8B3C-193EAEF16C53}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{AF85B9DD-743E-430B-B44B-B2A7D74704AB}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{E4382513-FB82-4CA6-AEC1-5F6DBDADA500}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
R0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [02/07/2007 21:02 77004]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [04/09/2009 14:50 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [04/09/2009 14:49 74480]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [29/04/2009 03:07 176128]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [29/09/2008 16:27 210216]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [14/03/2007 16:54 816512]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [10/09/2009 22:21 95232]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [04/09/2009 14:50 7408]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14/03/2007 09:13 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2007-07-26 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 09:14]
2007-07-03 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-02-24 10:53]
2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-02-24 10:53]
2007-07-09 c:\windows\Tasks\PBReg.job
- c:\program files\HDReg\HDRegApp.exe [2005-06-21 13:05]
2007-08-16 c:\windows\Tasks\PBRegbk.job
- c:\program files\HDReg\HDRegApp.exe [2005-06-21 13:05]
2009-09-12 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-03-14 16:34]
2009-09-13 c:\windows\Tasks\User_Feed_Synchronization-{4F878003-80D5-439B-9573-560D537B2563}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
2009-09-13 c:\windows\Tasks\User_Feed_Synchronization-{759A0F8C-E8B4-45CC-95DB-248466E30E77}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://uk.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search
TCP: {A01BC037-DC98-4470-A87D-54633D54BCA1} = 205.188.146.145
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 13:25
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-09-13 13:27
ComboFix-quarantined-files.txt 2009-09-13 12:27
ComboFix2.txt 2009-09-12 16:20
ComboFix3.txt 2009-09-12 16:05
ComboFix4.txt 2009-09-10 15:37
ComboFix5.txt 2009-09-13 12:12
Pre-Run: 165,777,108,992 bytes free
Post-Run: 165,679,534,080 bytes free
431 --- E O F --- 2009-09-11 10:51
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 13, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 13, 2009 15:07:08
Records in database: 2801519
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Objects scanned: 143231
Threats found: 5
Infected objects found: 11
Suspicious objects found: 0
Scan duration: 01:59:05
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\FrostWire\nokia charger wire skepta.mp3.vir Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\steven and matt\AppData\Local\VirtualStore\Program Files\FrostWire\Bloc party - Tulips.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\steven and matt\AppData\Local\VirtualStore\Program Files\FrostWire\change in nature operahouse MTV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Users\steven and matt\AppData\Local\VirtualStore\Program Files\FrostWire\coldtown natty.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\steven and matt\AppData\Local\VirtualStore\Program Files\FrostWire\Flobots-Happy Together.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\steven and matt\AppData\Local\VirtualStore\Program Files\FrostWire\high school musicla sexy girl has shaking orgasm during sex.mp3 Infected: Trojan-Downloader.WMA.Wimad.o 1
C:\Users\steven and matt\AppData\Local\VirtualStore\Program Files\FrostWire\nokia charger wire.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\steven and matt\AppData\Local\VirtualStore\Program Files\FrostWire\put donk on it black out crew.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Users\steven and matt\AppData\Local\VirtualStore\Program Files\FrostWire\silence in violence rifles.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Users\steven and matt\AppData\Local\VirtualStore\Program Files\FrostWire\sway ft stash-fuck your ex .mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Users\steven and matt\AppData\Local\VirtualStore\Program Files\FrostWire\wiley- summertime .mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
Selected area has been scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:29, on 13/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1173859703\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\vVX3000.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173859703\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A01BC037-DC98-4470-A87D-54633D54BCA1}: NameServer = 205.188.146.145
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 9690 bytes
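The HijackThis log above is the kind of thing a removal helper reads by eye: orphaned BHO CLSIDs with "(no file)", O16 ActiveX download points, the O17 NameServer override, the O20 AppInit_DLLs entry and any O23 service with no publisher string. The script below is an added example, not part of the post or of HijackThis, that parses a log in that format and flags those entry classes. The sample lines are copied from the posted log; the rule set is an assumption about what deserves a second look, not a verdict. In particular it flags the O17 address only because it is not in private address space; whether that resolver is the ISP's (the AOL Connectivity Service in the O23 list suggests it may be expected) is a judgement left to the reader.

```python
"""Triage a HijackThis v2 log: parse each R/O entry and flag the classes a
malware-removal helper checks first.  Added example; the rules below are
assumptions, not HijackThis behaviour."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A01BC037-DC98-4470-A87D-54633D54BCA1}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O17"
    reason: str  # why the entry was flagged
    body: str    # the entry text after "Oxx - "


@dataclass
class Triage:
    entries: List[Tuple[str, str]] = field(default_factory=list)  # every parsed (kind, body)
    findings: List[Finding] = field(default_factory=list)


def _dns_reason(body: str) -> Optional[str]:
    """O17 'NameServer = a.b.c.d[,e.f.g.h]': report any resolver outside
    private/loopback space.  Public is not the same as malicious; the caller
    decides whether the address belongs to the ISP."""
    m = re.search(r"NameServer = (.+)$", body)
    if not m:
        return None
    public = []
    for raw in re.split(r"[ ,]+", m.group(1).strip()):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue
        if not (ip.is_private or ip.is_loopback):
            public.append(str(ip))
    if public:
        return "interface DNS points at public resolver(s) %s; confirm they belong to the ISP" % ", ".join(public)
    return None


def triage_hjt(log_text: str) -> Triage:
    t = Triage()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, "Running processes:" block, blank lines
        kind, body = m.group("kind"), m.group("body")
        t.entries.append((kind, body))
        if kind in ("O2", "O3") and "(no file)" in body:
            t.findings.append(Finding(kind, "orphaned CLSID with no backing DLL; safe to remove", body))
        elif kind == "O16":
            url = URL_RE.search(body)
            host = url.group(0).split("/")[2] if url else "?"
            t.findings.append(Finding(kind, "ActiveX download point (DPF) from %s; remove if unused" % host, body))
        elif kind == "O17":
            reason = _dns_reason(body)
            if reason:
                t.findings.append(Finding(kind, reason, body))
        elif kind == "O20" and body.startswith("AppInit_DLLs"):
            t.findings.append(Finding(kind, "AppInit_DLLs loads into every user-mode process; verify the publisher", body))
        elif kind == "O23" and "Unknown owner" in body:
            t.findings.append(Finding(kind, "service with no publisher string; check the file signature", body))
    return t


if __name__ == "__main__":
    result = triage_hjt(SAMPLE_LOG)
    print("%d entries parsed, %d flagged" % (len(result.entries), len(result.findings)))
    for f in result.findings:
        print("%s  %s\n      %s" % (f.kind, f.reason, f.body))
```

Run against the full log it flags the same five classes visible in the post; entries it does not understand (the "Running processes:" block, O4 Run keys, the R1 lines) are parsed but not judged, which is deliberate: those need the file's signature or hash, not a pattern on the log line.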